Safety and continuity
At Comrads, we know that security is critical. Protecting your privacy is therefore our top priority and the reason why we adopt and adhere to the best industry standards. Comrads is ISO/IEC 27001:2013 certified and meets the requirements and standards of the GDPR. Comrads takes strict precautionary, technical and organizational security measures to ensure a high level of security to protect your data and files from unauthorized or unlawful access.
Hosting and storage
Secure and scalable cloud storage
All customer applications and modules at Comrads run exclusively within the EEA on private cloud servers provided by Amazon Web Services (AWS), our trusted business partner with a global network of high-performance data centers. These are secured with access protocols, biometric scan profiles and 24/7 surveillance and monitoring.
Physical security
Authorized access only
AWS' data servers are designed to minimize the impact of global operational disruptions. In addition, AWS data centers are staffed 24/7 by specially trained security guards, secured by CCTV cameras and biometric access controls. Authorized access is granted on a need-to-know basis.
Availability
Always safely accessible
Comrads offers scalable SaaS solutions that are accessible 24/7 worldwide through a web browser. There is no need to install anything on your own servers. Access is secured by a strict role-based access control (RBAC) system: every request for access to your stored information is verified via profiles, which ensures that your assets are securely available at all times.
Server and application security
The standard alone is not enough
All of Comrads' private cloud servers are effectively secured and encrypted. Comrads not only uses the standard AWS Shield service, a managed Distributed Denial of Service (DDoS) protection service, but also implements the full-stack server and application security services AWS Inspector, AWS GuardDuty, AWS CloudWatch and Bitninja Fullstack Security. Together, these services guarantee a high level of security against attacks and threats.
Comrads full-stack server and application security
Application access
Users can access Comrads' applications globally and 24/7 with a browser and an internet connection. All traffic to and from the Comrads applications uses only a secure HTTPS connection, so all data (including usernames and passwords) is transferred through an encrypted connection. Furthermore, it is possible to make the customer applications accessible only from specific IP addresses. Comrads also supports single sign-on (SSO) to give (internal) users secure access with just one set of login details.
Server access
Administrative access to all of our servers at AWS is limited to authorized Comrads employees, and only from the Comrads office or remotely via the Comrads VPN, using the SSH and MySQL protocols. In principle, each client has its own server within Comrads' standard VPC. It is not possible to 'hop' from one server to another within the same VPC. This is prevented by means of an IP restriction.
Network security
The Comrads network is protected by firewalls and virus scanners that are maintained with regular upgrades and patches. Remote access to Comrads' network is only possible through our VPN. In addition, all workstations are secured and protected by the latest Endpoint Security software from ESET.
Backups
If for any reason you should lose or damage some files, a full backup is always available. Our software protects the countless hours and resources you've invested in creating and managing your assets and (meta)data by making incremental and full backups. In the event of a failure or incident, we can perform an immediate backup restore.
Staff
All our employees are trained in and aware of the applicable safety standards. To this end, Comrads regularly organizes training and awareness sessions for all new and existing employees. These sessions include personal conversations, (online) tech sessions and awareness meetings that ensure that security documentation is read and understood. New employees are also always screened.
Suppliers
To ensure our high level of security across the board, supply chain responsibility plays an important role. This means that Comrads only chooses or allows business partners and suppliers that can offer at least the same level of security, or that can meet Comrads' requirements. Contractual arrangements are made with each partner; data processing agreements and confidentiality are a minimum requirement. Within the procedures of our ISO/IEC 27001:2013 management system, all our partners are regularly checked.